Checkpoint does crash when being portscanned. Well, sort of.

Quite simply, when a (stateful) firewall has too many entries in the state table (i.e. it's full) then the box has problems. In the case of Checkpoint (or at least, this was the case a few versions ago) it will crash. (And incidentally, if you are synchronising the state table with another firewall for the purposes of failover, then they'll both crash.)

IIRC about 25000 connections will do this (less if you are using NAT). Checkpoint also holds the 'state entries' for 50 seconds after the connection is closed (i.e. FIN packets are seen), so you have a while to reach the magic number.

My experience was with a Nokia IP440/Checkpoint Firewall-4.1SP3, but it sounds as if the same situation may be occurring.
This archive was generated by hypermail 2b30 : Wed Nov 14 2001 - 08:21:56 PST